CVE-2015-2019

CWE-17 CWE-352 — Cross-Site Request Forgery (CSRF)CWE-79 — Cross-site Scripting (XSS)CWE-3627 documents15 sources

Severity

2.1LOW

EPSS

0.1%

top 75.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Directory Server

Timeline

PublishedJun 28

Latest updateJan 13

Description

IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not prevent caching of documents retrieved in SSL sessions, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/tivoli_directory_server6 versions+5

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

OSV

libxmltok vulnerabilities↗2025-01-13

▶

GHSA

OpenNMS Horizon vulnerable to XSS↗2022-05-24

▶

GHSA

GHSA-ww3r-g52r-m6j3: IBM Tivoli Security Directory Server 6↗2022-05-17

▶

GHSA

Cross-Site Request Forgery in OpenNMS Horizon↗2021-05-25

▶

CVEList

CVE-2015-2019: IBM Tivoli Security Directory Server 6↗2015-06-28

▶

💥Exploits & PoCs

Exploit-DB

Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)↗2023-05-25

▶

Exploit-DB

Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection↗2020-11-19

▶

Exploit-DB

Microsoft Windows Kernel - Information Disclosure↗2020-01-27

▶

Exploit-DB

Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass (MS15-014)↗2019-10-29

▶

Exploit-DB

SaLICru -SLC-20-cube3(5) - HTML Injection↗2019-04-08

▶

📋Vendor Advisories

Microsoft

Skype for Business Remote Code Execution Vulnerability↗2023-10-10

▶

Red Hat

struts: XSS vulnerability when JSP files are exposed to be accessed directly↗2015-08-26

▶

🕵️Threat Intelligence

Trendmicro

Backdoor-Variante infiziert Word-Dokumente und PDFs↗2019-08-26

▶

Trendmicro

Asruex Backdoor Infects Files Via Old Vulnerabilities↗2019-08-22

▶

Trendmicro

Asruex Backdoor Infects Files Via Old Vulnerabilities↗2019-08-22

▶

Trendmicro

Asruex Backdoor Infects Files Via Old Vulnerabilities↗2019-08-22

▶

💬Community

HackerOne

Apache HTTP [2.4.17-2.4.38] Local Root Privilege Escalation↗2019-09-11

▶

Bugzilla

CVE-2019-12815 proftpd: file copy vulnerability in mod_copy allows for remote code execution↗2019-07-23

▶